Oups - forgot the subject...
> forgot to mention - (it was too late in the evening yesterday) - this was
> found in
> openssl-0.9.5a, file crypto/evp/bio_b64.c, function static int
> b64_write(BIO *b, char *in, int inl)
>
> Today I prepared a build of OpenSSL with my changes and tested it. Seems
> to work fine. The changes are marked with *** in the snippet below
>
> At the end of the message you'll find a description of how the proposed
> fix was tested
>
> =================================
>
> --------------------------
> original code
> --------------------------
> if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
> {
> if (ctx->tmp_len > 0)
> {
> n=3-ctx->tmp_len;
> memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
> ctx->tmp_len+=n;
> n=ctx->tmp_len;
> if (n < 3)
> break;
> ctx->buf_len=EVP_EncodeBlock(
> (unsigned char *)ctx->buf,
> (unsigned char *)ctx->tmp,n);
> }
>
> ------------------------------
> new code:
> ------------------------------
>
> if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
> {
> if (ctx->tmp_len > 0)
> {
> n=3-ctx->tmp_len;
> memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
> ctx->tmp_len+=n;
> /* n=ctx->tmp_len; removed statement *** */
> /* if (n < 3)
> ***
> break; removed statement ***
> */
>
> /* you could do (ctx->tmp_len < 3 ) check
> instead of the removed one here */
>
> ctx->buf_len=EVP_EncodeBlock(
> (unsigned char *)ctx->buf,
> (unsigned char *)ctx->tmp, /* n
> replaecd parameter *** */ ctx->tmp_len );
>
> ctx->tmp_len=0; /* added statement *** */
> }
>
> =================================
>
>
> TEST description - enc_base64 and dec_base64 create mem bios with attached
> base64 filter bios
> dec_64 mem bio returns 0 on EOF (BIO_set_mem_eof_return(b,0) was set).
> base64 filter bios have
> BIO_set_flags ( b64, BIO_FLAGS_BASE64_NO_NL); flags set.
>
> for every iteration of the loop the length of the string encoded and
> decoded increases by 1 until it reaches
> the original length of the array. The original string was encoded than the
> encoded result was decoded and compared with the original.
>
> As a result somewhere around 1800 iterations were done and it worked fine.
>
> ==================
> {
> char array[]=<array containing about 2 KBytes containing some test
> phrases>
>
> for( int j = 1; j < array_len; j++)
> {
> c = array[j];
> array[j]='\0';
>
> cb = enc_base64( ain, &outenc);
>
> cb = dec_base64( outenc, &outdec);
>
> if( strcmp( array, outdec) != 0)
> _ASSERT(0);
>
> array[j]=c;
>
> if( outenc)
> Free( outenc);
>
> if( outdec)
> Free( outdec);
> }
> }
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
